Badly configured and defective device drivers - the software programs that make hardware components operate correctly - can impact negatively only on the performance of a computer system. Right?
Wrong! Defective drivers for devices such as network interface cards can also compromise your network`s security.
"The fact that defective drivers can cause major problems, ranging from degradation of system performance to system failure is well understood and documented. Now there`s new evidence from British security software company, NGS Software, which demonstrates that poorly designed and tested drivers can create potentially severe security vulnerabilities for businesses," explains Paul Wandrag, QA Architect Compuware Corporation SA.
In fact, NGS Software has shown that defective drivers for devices such as network interface cards (NIC) can leak sensitive information onto a network, potentially leading to attacks through local area networks.
"Several third-party device drivers that ship with Windows Server 2003, the first product under Microsoft`s Secure Computing initiative, contain a vulnerability that causes them to leak potentially sensitive data during TCP transmissions," explains Wandrag.
"The data that has been leaked in test situations includes passwords and login names, which researchers have been able to retrieve, proving that hackers could use this exploit to access sensitive data."
Compuware Corporation has a solution to this vulnerability. The company recently upgraded its driver development environment, which accelerates code development while improving the quality of Windows drivers.
DriverStudio contains solutions for the complete development lifecycle from initial driver generation, debugging and testing, to tuning and deployment, while accelerating driver development. This promotes the development of structured Windows device drivers that meet strict quality standards for Windows Hardware Quality Labs (WHQL) driver certification.
Al Gillen, Research Director of System Software at IDC, says: "Microsoft`s continued drive to minimise Windows system outages depends heavily upon high-quality, fully-tested device drivers. The integration of DriverStudio 3.0 with Visual Studio.NET simplifies and speeds the process of developing reliable drivers, while making the DriverStudio 3.0 tool set conveniently accessible from within Visual Studio .NET."
Wandrag notes that there are many methods that hackers can - and do - apply in order to exploit vulnerable computer systems.
"Security is becoming an increasingly important issue for companies, especially in the light of new governance regulations. It is also accepted that most breaches occur as a result of known vulnerabilities. It is therefore critical that developers eliminate all known vulnerabilities by using proven solutions that prevent the introduction of new security holes; when writing drivers, this situation is no different," he concludes.
Share